Port forward from FusionHub to existing Firewall when drop in mode shares 1 public IP

Hi everyone, having issues getting something working so would love some feedback. In this config:

Existing Firewall at 192.168.1.1 with a web server connected at 192.168.1.10
Internet has a /29, the Gateway is 72.X.X.113 and the Firewall is assigned 72.X.X.114

The existing Firewall port forwards TCP 80 to the 192.168.1.10, so when accessing 72.X.X.114 remotely, the web server comes up as expected.

I connect a HD2 using Drop in Mode and assign 72.X.X.115 to it which is connected to FusionHub via PepVPN. FusionHub is 77.X.X.10. On FusionHub, I turn on TCP 80 port forwarding over WAN1 to 72.X.X.114. When I do this, I can access 77.X.X.10 and I’m brought to the web server also which works.

Where I’m confused/stuck though is in a scenario where there’s only 1 single public IP vs a /29 how to do the same thing. I changed the config for testing purposes and instead of assigning the HD2 72.X.X.115 I told it to share the 72.X.X.114 IP of the Firewall, but I can no longer access the web server at 192.168.1.10 via FusionHub’s public IP when I do this. Tried changing a bunch of settings and other port forward options but nothing seems to work. The IP assigned to the HD2 I left as the default which was I believe 169.254.0.1.

So just trying to figure out what the correct process is when using drop in mode with 1 public IP when I want to port forward from FusionHub to the existing firewall, as it works great when there’s multiple public IPs, but most of our customers only have 1.

Dear @liammonroe

thanks for reporting the issue. We have replicated your problem (FW 8.0.1/8.0.2). Firewall cannot be accessed via SpeedFusion if Balance uses Drop-in mode with shared IP.

This should be fixed in a new firmware. Please stay tuned!

Regards

1 Like

Hi Ricardas,

That’s great news thanks for the update. When you say fixed in new firmware, does that mean one soon like 8.0.3 or whatever is next, or does it just mean it’s on the roadmap to be fixed?

Can you also let me know what IP I’d use for the server for port forwarding in FusionHub just so I know? So if the firewall and the Peplink are sharing IP 72.x.x.114, in FusionHub port forwarding, would I set it to forward from FusionHub’s WAN to 72.x.x.114?

Lastly, is this issue just something that came up in the current FW version, as in if I use an older version it should work? Or has this always been an issue? Just curious as if an older FW works I can at least use that now for testing etc.

Thanks!

Hi @liammonroe

the fix should be available in a next main firmware 8.1.0.
Old firmwares won’t work.

Overall the issue is related with the routing. Shared WAN IP is not advertised in OSPF by default and won’t be enabled automatically. But there will be an option (OSPF & RIPv2 section) to turn it on manually for a scenario like yours.

You are correct regarding port forwarding. On FusionHub you point your necessary port to shared IP/firewall IP. Keep in a mind that ports 80,443 are used by WebAdmin by default. Therefore for your web server proper access, please change WebAdmin ports on FusionHub and on Drop-in router (HD2)
to some other numbers.

Kind regards!

1 Like